Summary
This guide walks you through installing an SSL/TLS Server Certificate for F5 BIG IP 13.x and higher
SSL/TLS Certificate Installation Guide for F5 BIG IP 13.x and Higher
NOTE:
As of November 12, 2024, Entrust introduced a new TLS certificate hierarchy as part of the deployment. The TLS certificate delivery now includes two certificate chains. The delivery of these certificate chains can be in the form of:
- Individual files. Intermediate 1 (filename: intermediate1.crt ) and Intermediate 2 (filename: intermediate2.crt ) or
- Concatenate PEM file (filename: CertificateBundle1.pem/CertificateBundle2.pem ) or
- P7B format file (filename: Certificatebundle.p7b )
Both intermediate/chain certificates must be installed in your environment.
Installation is in two parts:
- Install the Chain/Intermediate Certificate
- Install the Server Certificate
Part 1: Install the Chain/Intermediate Certificate
- Launch the F5 BIG-IP web GUI
- On the main tab, expand System
- Go to Certificate Management > Traffic Certificate Management > SSL Certificate List to display the list of existing certificates:
- In the upper right corner, click Import
- In theImport Typedropdown list, select Certificate
- In the Certificate Name field, enter EntrustChain
- In the Certificate Source box, browse to the location of the ChainBundle1.crt file
- Click Import
- The new certificate appears in the list.
Part 2: Install the Server Certificate
- Go back to System > Certificate Management > Traffic Certificate Management > SSL Certificate List to display the list of existing certificates
- Click the name assigned to the private key file when creating your Certificate Signing Request.
- Click Import
- In the Certificate Source box, browse to the location of the ServerCertificate.crt file that you downloaded, then click Import
- The Server Certificate and Key should now appear in the list.
- On the main tab of the F5 BIG-IP interface, expand Local Traffic and then click Profiles
- In the top menu bar, select Client from the SSL dropdown list
- Create a new SSL Profile by clicking Create , or open an existing SSL profile that has already been set up
- In the Configuration dropdown list, select Advanced
- In the Configuration section, select the Custom checkbox
- Click Add
- Under Certificate , select your Server Certificate--it will appear with the same friendly name as the private key
- In the Key dropdown list, select the name of the key that was generated when you requested your certificate
- In the Chain dropdown list, select EntrustChain, which was imported in Part 1 above
- Click Add
- Your certificate appears in the Certificate Key Chain text box
- Scroll down and then click Finished
Your SSL/TLS certificate should now be installed.
Check that your certificate has been successfully installed by testing it on the Entru